AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Forgery-Resistant Range Queries via Multi-Client Order-Revealing Encryption

inforesearchPeer-Reviewed

researchsecurity

Source: IEEE Xplore (Security & AI Journals)April 17, 2026

Summary

Researchers discovered that two widely-used encryption schemes for secure database searches (m-ORE and om-ORE, which allow multiple parties to query encrypted data without revealing the queries or data) can be attacked by a malicious client and server working together to insert fake records into the database. The team developed a new scheme called MORES that fixes this vulnerability while also making searches about one-third faster and more efficient than the older schemes.

Solution / Mitigation

The source proposes MORES, described as 'the first multi-client ORE scheme that preserves range-query functionality while provably resisting arbitrarily malicious participants.' The text indicates MORES can serve as 'an immediate drop-in replacement for encrypted-database systems that demand both efficiency and robustness in adversarial environments,' but does not provide implementation details, version numbers, or step-by-step deployment instructions.

Classification

Attack Type

Model Poisoning

Attack SophisticationAdvanced

Impact (CIA+S)

integrity

Related Issues

high

CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling

Similar attackNVD/CVE Database

info

Model Stability Defense Against Model Poisoning in Federated Learning

Monthly digest — independent AI security research

Original source: http://ieeexplore.ieee.org/document/11483214

First tracked: May 2, 2026 at 08:03 AM

Classified by LLM (prompt v3) · confidence: 70%